Re: [AppArmor 00/44] AppArmor security module overview

From: Alan Cox
Date: Thu Jun 28 2007 - 06:25:37 EST

Next message: Joerg Schilling: "Re: Linux Kernel include files"
Previous message: Andrew Morton: "Re: [PATCH 0/6][TAKE5] fallocate system call"
In reply to: David Miller: "Re: [AppArmor 00/44] AppArmor security module overview"
Next in thread: Bill O'Donnell: "Re: [AppArmor 00/44] AppArmor security module overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > Anyone can apply the apparmour patch to their tree, they get the
> > choice that way. Nobody is currently prevented from using apparmour
> > if they want to, any such suggestion is pure rubbish.
>
> The exact same argument was made prior to SELinux going upstream.

Its made for every thing before it goes upstream. It shouldn't be going
uptream until it works, is reliable and does something useful. Then if it
ever makes that grade it can go and sit in -mm for a bit to shake down .

> > Frankly I think AppArmour is a joke,
>
> "SELinux, AppArmor, and Hilary Clinton walk into a bar ..."

SELinux orders a beer object
AppArmor order a /beer
Hilary says "You are both under 21 you can't"
SELinux orders a shandy object
AppArmor orders a /shandy

SELinux is refused because the shandy mixer opened a beer object and
shandy inherited beer typing
AppArmor gets drunk because /shandy and /beer are clearly different

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Joerg Schilling: "Re: Linux Kernel include files"
Previous message: Andrew Morton: "Re: [PATCH 0/6][TAKE5] fallocate system call"
In reply to: David Miller: "Re: [AppArmor 00/44] AppArmor security module overview"
Next in thread: Bill O'Donnell: "Re: [AppArmor 00/44] AppArmor security module overview"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]